Over the past dozen years, I have discussed in a number of venues the necessity for robust security practices and the techniques needed to implement them on the FileMaker Platform. Such discussions have as their underlying framework a fairly traditional Information Security paradigm.
There are Threat Agents who seek to initiate Exploits or Threats that negatively Impact the Confidentiality, Integrity, and Availability of FileMaker Platform systems or other Digital Assets. These attacks also can damage the Resilience of the Digital Asset. These Threat Agents exploit a Vulnerability in the design or the deployment of the FileMaker systems. FileMaker Platform developers and FileMaker Server Administrators must assess the Risk that a Threat Agent will use a Vulnerability to trigger an Exploit that attacks the FileMaker Platform system.
I have learned that developers, after some examination of this concept, do understand it. And I have also learned is this: In many instances, developers do not see how these circumstances impact them. They do not connect the Information Security Paradigm model with their on-the-ground implementation of solutions built on the FileMaker Platform. That is what I intend to address in this paper.
I am going to describe some exploits and threats that target commonly-found vulnerabilities. And I will explain how to close those vulnerabilities. There are six significant and common exploits that can be run against FileMaker Platform systems. Each takes advantage of one or more of seven vulnerabilities to compromise Confidentiality, Integrity, or Availability or to damage Resilience of the system and its data. Each can be easy to trigger, and each can do significant damage.
Read more here: